Bug: v8:12244,v8:12245
Change-Id: If92311b47a6019cb9f7b96a7dcd313a658d426ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3265067Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77770}

Bug: v8:12244,v8:12245
Change-Id: I4bc0378a7d4ad3033485f98e446daa7ff2e83e0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264646Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77769}

Change-Id: I0b352c8a34f222c904b8cc72db1e315fc7ca48df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268297Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77768}

This reverts commit ef62cd06.

Reason for revert: Fails mjsunit/wasm/grow-memory (https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8831118281610576833/+/u/Check/grow-memory)

Original change's description:
> [heap] Remove executable_memory_ from release code
>
> The map is only used to check invariants.
>
> Bug: v8:12054
> Change-Id: I7d067cca801c9b6104efb22a26cf27f1f62920c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268286
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77766}

Bug: v8:12054
Change-Id: I95af58404719855664a128047ed32e8022dd5dd3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268300
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77767}

The map is only used to check invariants.

Bug: v8:12054
Change-Id: I7d067cca801c9b6104efb22a26cf27f1f62920c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268286Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77766}

This is an unecessary boolean, that makes reason about the code more
complicated.

Bug: v8:12054
Change-Id: I5bdf2069ead427f53ce774e825fe9656e668480e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268284
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77765}

Change-Id: I452cc4b2a25ce2d00825bf8eea7ac4073310583b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260149Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77764}

And make the GC visit spilled references in the frame.

R=ahaas@chromium.org
CC=​fgm@chromium.org

Bug: v8:12191
Change-Id: Ida430f12a6de7658972e7890542fb02f7f7ddbb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3226784
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77763}

This CL
* adds forwarding accessors to CodeDataContainer for certain widely
  used Code object's fields and predicates,
* adds JSFunction::set_code() overloads accepting CodeT values,
* migrates SharedFunctionInfo getters to CodeT,
* migrates InterpreterData::interpreter_trampoline to CodeT.

Drive-by-fix: replace #if V8_EXTERNAL_CODE_SPACE with #ifdef to be
consistent.

Bug: v8:11880
Change-Id: I1e114076a0568068038ca6f70a86431a3a9cfb9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3262716
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77762}

Change-Id: Ibc3b7d73ce92f3d0f848e94b1266c99a78279392
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3259661
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77761}

Bug: v8:11880
Change-Id: I53166b226c29a9244b047431e0830de109975306
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3262128Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77760}

V8 flags in general should not change in a process after the
first Isolate has been initialized. --jitless and related flags
especially sensitive to this, so we introduce a dedicated check
just for them.

Bug: chromium:1262676, v8:9019, v8:12366
Change-Id: I239726889d236a3785c1fdc076fa21d1b8983c92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260508
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77759}

... which could contain a smi value during CodeDataContainer setup.

Bug: v8:11880
Change-Id: Ibc67818411e9b824843bc5a20d249335c88d5f57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264291
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77758}

This CL fixes a null dereference when an attempt is made to access
the current arm64 simulator from a background thread.

Bug: chromium:1267491
Change-Id: I9232fe134fccbff162eb5076aff20884872e4cc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264219
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77757}

`Equals` did not properly account for arrays with odd lengths.

Bug: v8:11069
Change-Id: I3264ebef248adcecd59b902bf1521cfddbd5a69d
Fixed: chromium:1267674
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264218
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77756}

This CL adds an Allocator to SmallVector to control how dynamic
storage is managed. The default value uses the plain old C++
std::allocator<T>, i.e. acts like malloc/free.

For use with zone memory, one can pass a ZoneAllocator as follows:

  // Allocates in zone memory.
  base::SmallVector<int, kInitialSize, ZoneAllocator<int>>
    xs(ZoneAllocator<int>(zone));

Note: this is a follow-up to crrev.com/c/3240823.

Drive-by: hide the internal `reset` function. It doesn't free the
dynamic backing store; that's a surprise and should not be exposed to
external use.

Change-Id: I1f92f184924541e2269493fb52c30f2fdec032be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257711
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77755}

Since the indirect function table at index 0 in an instance is now
represented like the other tables, the IndirectFunctionTableEntry
abstraction is no more useful. We replace it with direct access to the
tables and a simpler abstraction {FunctionTargetAndRef}.

Bug: v8:11510
Change-Id: Iab4a6ca7eda8eb1757dbd321cb3997e98e78267e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247030
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77754}

Introduced by:
https://chromium-review.googlesource.com/c/v8/v8/+/3060486

No-Try: true
Bug: chromium:1052746
Change-Id: I1dd0028fd05999ec7b4128bb9250f7fa663dfe41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264292
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77753}

Design doc:  https://bit.ly/3jEVgzz

We represent the indirect function table of a WasmInstanceObject at
index 0 like the rest of the tables, i.e., as the 0th element of the
instance's indirect_function_tables() field. For performance, we
maintain direct links from the instance to the contents of table 0
(indirect_function_table_{size, sig_ids, refs, targets} in
WasmInstanceObject).

Bug: v8:11510
Change-Id: Ice49fd855109051d304ef9033cac7a495b68ab8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3246970
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77752}

The isolate root pointer in a WasmApiFuncionRef cannot be sandboxed,
because we would need the isolate root in the first place to decode it.
Therefore we do not use Foreign as the parent class of
WasmApiFunctionRef.

Bug: v8:11510
Change-Id: Idcbe654274c543ee571a335cb8e212ca3492d973
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3262134
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77751}

fix node.js DCHECK failed
issue: https://github.com/riscv-collab/v8/issues/514

Change-Id: I07f40e6aca05be3eb7304a43235185fd40ebc1f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260979Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#77750}

Internal fields are used for implementing edges to C++ objects in
Oilpan. When setting the fields on a JS API object, we should also
emit a write barrier for this edge.

This mechanism replaces the explicit write barrier in V8's API which
is provided through `JSHeapConsistency::*`.

The internal barrier should also be slightly faster as it doesn't
require any API calls.

Bug: v8:12356
Change-Id: I639d18141acfb910d0ded8d987d8a0916e25431d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3257709
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77749}

Bug: v8:10793
Change-Id: If9e4884ae1817121d9661eedc1e8806ab7f68214
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3256998
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77748}

Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/9088cd6..f7f53e9

Rolling v8/buildtools/third_party/libunwind/trunk: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/9901571..51ffc5e

Rolling v8/third_party/aemu-linux-x64: Ce6sqxwYi8DOFfwlCOP0MURltjjH-QIsgAsJ1p7--KIC..JOROMO2u_x7WbmPlWROhQxdCaIY-Q639bZpu8IWRc30C

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/429f4e0..e5067b0

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/1c179b5..6500963

Rolling v8/third_party/instrumented_libraries: https://chromium.googlesource.com/chromium/src/third_party/instrumented_libraries/+log/7dab69f..a736941

Rolling v8/tools/luci-go: git_revision:68355732afb00a422ae0c70eed95c6a45f9868b1..git_revision:d17c642c8c3c6d9e37bd9c25535c4c5b66b99781

Rolling v8/tools/luci-go: git_revision:68355732afb00a422ae0c70eed95c6a45f9868b1..qLMs01I9Ry2iQnzjXEE-TVzz-tLGynUTnCfDp0JgjnAC

Rolling v8/tools/luci-go: git_revision:68355732afb00a422ae0c70eed95c6a45f9868b1..git_revision:d17c642c8c3c6d9e37bd9c25535c4c5b66b99781

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I4d277c7cb14ecc226a116d4013840c86f1dec456
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264753Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77747}

Bug: v8:12228
Change-Id: I49b2e1a1c837b96ea2e7cb58f42314109845b7fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263766Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Yolanda Chen <yolanda.chen@intel.com>
Cr-Commit-Position: refs/heads/main@{#77746}

Currently we are calculating the offset manually. This method
uses code patching to re-emit the instruction with correct offset
when the value is available.

Change-Id: Ie68580398df92ed2ab57c3972f408cfde8e60432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264746
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77745}

This CL adds support for handling calls to C functions with arbitrary
signatures on the arm64 simulator. It adds infrastructure for
encoding the signature data from CallDescriptor and FunctionInfo
classes into a compact representation, stored in the simulator and
called EncodedCSignature.

Design doc:
https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit

This CL is a follow up on the native support added in
https://chromium-review.googlesource.com/c/v8/v8/+/3182232
and is partially based on the previous attempt:
https://chromium-review.googlesource.com/c/v8/v8/+/2343072

Bug: chromium:1052746
Change-Id: I0991b47bd644b2fc2244c5eb923b085261f04765
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060486
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77744}

This is to reduce eng-review bottleneck when new dot files are added
to the top-level directory.

No-Try: true
Bug: chromium:1266833
Change-Id: I62e1155e90f3f07bca15ca0b23d3308904ecaecb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264284Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77743}

Bug: chromium:1266833
Change-Id: I3ec80560881c596c41df389c754a5b01f911bb9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260516
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77742}

After the snapshot data ends, interpret the rest as normal JS code.

Bug: v8:11525
Change-Id: I8de4cf4027e582e6b8e330dda7708623373d2675
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263896Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77741}

R=ahaas@chromium.org
CC=fgm@chromium.org

Bug: v8:12191
Change-Id: I415c4488262a97cf04b71fd8e96071c7bff972cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3231337Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77740}

Torque allows a `weak` keyword on class field declarations. This keyword
is confusing, because it means two completely different things:

1. This field should be included in the weak fields section, meaning the
   field's offset should be in the range [kStartOfWeakFieldsOffset,
   kEndOfWeakFieldsOffset).
2. If a BodyDescriptor is generated for this class, then this field
   should be visited using *custom* weakness semantics
   (IterateCustomWeakPointers, not IterateMaybeObjectPointers).

I propose the following updated behavior, which I think is a bit more
reasonable:

1. To request that the generated BodyDescriptor use custom weakness
   semantics, use a new annotation @customWeakMarking.
2. The weak fields section includes all fields that can be a Weak<T>
   type, plus those annotated with @customWeakMarking.

These new rules require reordering fields in two classes which didn't
already have all of their strong fields adjacent.

Bug: v8:7793
Change-Id: Ic9d741986afa7fc1be3de044af5cae11a3c64d8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3261968
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77739}

We use the InvokeParams to pass host-defined options to Invoke.
The script should never access them directly and thus we should clear
out the argv and argc values.

Bug: chromium:1244145
Change-Id: I915186d624f92581af79ca62bcb1613bc4069640
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263891Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77738}

Change-Id: Ie5d8ec9030df9f838522b4531205e71394a988da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263884
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77737}

The old check didn't expect to see an already evacuated object.

Bug: v8:11880
Change-Id: I5a105e3ae8c04df0061e96f0650c5bd3e66264de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264286
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77736}

This is a reland of 92edf9a1

Introduce map handle again to prevent corruption.

Drive-by-fix:
Make some PropertyDetails and Representation methods constexpr.

Original change's description:
> [runtime] Optimise paired instance type checks
>
> Clang doesn't optimise over handle derefs. Change the ValueSerializer
> and the JsonStringifier to use InstanceType directly for checks.
> This CL squeezes another 1.5% of JSON.stringify in local benchmarks.
>
> Drive-by-fix:
> - Avoid a few more derefs in the JsonStringifier
> - Make JsonStringifier::SerializeJSArray a bit more readable
>
> Change-Id: I37626a6d92a8d9275611a4e6d1d908f2e0c6d43b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247637
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77697}

Change-Id: I8915a82aab6dd7966223a4d7a8dd1363258b7c81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3260512
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77735}

R=ahaas@chromium.org

Bug: v8:12191
Change-Id: I15a5507a7dd0f02a3bbe9d3ce200206adf4d4539
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3231075
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77734}

The new callback does no longer use ScriptOrModule but rather gets the
host-defined options and the referrer name as separate arguments.

This brings us one step closer to deprecate ScriptOrModule and putting
the host-defined options in the script context.

- Add v8::Data::IsFixedArray and cast helpers
- Deprecate HostImportModuleDynamicallyWithImportAssertionsCallback soon
- Add Script::Run entry point that explicitly takes host-defined
  options (unused yet)

Bug: chromium:1244145
Change-Id: I08bc92cfb3b79d840e766fb71b8d91d301f4399c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263893
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77733}

CodeSpaceMemoryModificationScope should only be used by the main
thread and during a safepoint. This adds a check in
CodeSpaceMemoryModificationScope.

The reason for this is that CodeSpaceMemoryModificationScope is not
thread-safe. It assumes that no other thread is modifying code space
(either by setting memory permission or adding a new page).

This CL also replaces CodeSpaceMemoryModificationScope to
CodePageCollectionMemoryModificationScope in a few occurrences, where
the former is not needed. This should not hurt performance.

Bug: v8:12054
Change-Id: I2675e667782c6ad8410877a4e64374899066bcd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3263890
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77732}

Report young generation GC statistics to the Recorder API.
These will be used by Blink to populate UMA histograms.
Existing UMA reporting in V8 remains as is for now and will be removed
in a followup.

This CL goes together with:
https://chromium-review.googlesource.com/c/chromium/src/+/3247446

Change-Id: I1fed070d4a3996c4d0d8942b455d722afafcc4ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247635
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77731}